Posted by kdawson on Tuesday December 14, 2010 @06:45PM from the decade-overdue dept.

Okian Warrior writes "As reported on the EFF website, today the US Court of Appeals for the Sixth Circuit ruled that the contents of the messages in an email inbox hosted on a provider's servers are protected by the Fourth Amendment, even though the messages are accessible to an email provider. As the court puts it, 'The government may not compel a commercial ISP to turn over the contents of a subscriber's emails without first obtaining a warrant based on probable cause.'"

What would you do
If you were asked to get fondled for freedom?
What would you do
If asked to let your junk take the sacrifice?

Would you think about all them people
Who gave up everything they had?
Would you think about all them flight vets
And would you start to feel bad?

Freedom isn't free
It costs folks like you and me
And if we don't all get fondled
The terrists will win, they will!
Freedom isn't free
No, there's a hefty in' fee.
And if you don't get scanned by the TSA
Who will?

If you buy a handgun, you are more likely to use it against yourself or a member of your family than against a bad guy trying to hurt you. That would seem to indicate very limited efficacy for "self-defense".

Not coincidentally, most people are idiots. So, any time you feel compelled to point out that a device is "dangerous" because a lot of people hurt themselves with it, remember to take into account the common thread tying "most" accidents together.

And also try to remember that those stats don't necessarily count the number of criminals who run away without being shot; "crimes prevented" and "crimes prevented because the bad guy was lying in a pool of blood" are not directly interchangeable. ;)

So why in the world would anyone fight to make sure that every single one of them could carry a lethal weapon hidden on their person? Even to the point of misinterpreting a constitutional amendment regarding states' rights and militias to mean that every one of those idiots gets to pack heat.

Why should a stupid person have fewer rights than a genius? Driving is a privilege rather than a right. I'm far more concerned with idiot drivers; an automobile is far more dangerous than a handgun. At most, a handgun can kill 7 or 8 people at a time, and only one at a time by accident. Meanwhile, an idiot behind the wheel can easily kill and maim a dozen or more with one shot, even an accidental shot. And it's no easier to suicide with a gun than any other means; lots of people hang themselves. [latimes.com]

Notice they said an Internet Service Provider's servers, not a small business, or a large enterprise, or a non-profit, or government of any kind. How many people do you know that still use the Email service that comes with their ISP?

But, according to the various telecommunications acts passed over the years, if they become aware of criminal activities (such as child pornography trafficking) while they're inspecting your email, they're supposed to report it to "the authorities". And they (just like any ISP) are allowed to inspect *any* emails passing through their systems for purposes of performance monitoring and whatnot.

Call me all the names you want, but you'll think twice next time you put out a blanket request for negative moderation. I take my Karma very seriously.

You - and people like you - are exactly what's wrong with /.'s moderation system. You abuse moderation points to wage personal vendettas, proving conclusively that you in no way DESERVE mod points. But, because you are a prolific generator of what, back in the BBS era, we called "shit posts", you get lots of moderator points to abuse.

And THAT is what sucks about /.'s mod point award algorithm - it rewards quantity, rather than quality, and enables prolific idiots like you to fuck up the comment ratings of p

Maybe I'm being ridiculous, but I'd be more comfortable with the federal government reading my mail than Google.

You are ridiculous. One, you can choose to use or not use Gmail. Two, governments have killed more people than any business. That I know of the business that has caused the most deaths was Union Carbide, the Bhopal Disaster [wikipedia.org]. An estimated 15,000 people were killed during and after the spill. 15,000, now how many people have governments killed? In the 1994 Rwandan genocide [wikipedia.org] an estimated 800,000

I'm proud to live in a country that takes due process very seriously and I know my government wouldn't be reading my email without a good reason. Governments are not all the same; comparing Rwandan revolutionaries to respected world leaders like the US and Britain is both asinine and irresponsible. The recent Wikileaks documents haven't indicted the US government; they've vindicated it. If the biggest scandal we can come up with is the Secretary of State using spies on the head of the UN, you know we run a

While I agree that is ridiculous. It makes sense somewhat. If your mail is readable by the Government, well that's just uncomfortable and a potential liability and an open door to abuse.

If your mail is readable by Google, then in addition to being searched for bombs and child pron, you'll be searched for magazine subscriptions, sports equipment etc, with AIs analyzing you, psychologically profiling you, to find out not only what to sell you but how. And afterwards your information will be resold and reso

Of course I use PGP/GPG if I send sensitive data, but you are wrong. It is not the point that Google can read it (of course they can, they own it.) The government needs a search warrant to access Google's e-mail, not mine, unless Google chooses to give them access. Note that I am not saying I think Google would just hand the information over, but there is another important implication: A warrant for my emails to and from a Google account will not be enforceable, since they are not my e-mails, they are Go

Notice they said an Internet Service Provider's servers, not a small business, or a large enterprise, or a non-profit, or government of any kind. How many people do you know that still use the Email service that comes with their ISP?

Courts rule on the circumstances presented in the case, which was an ISP. However, there is nothing in the reasoning applied in the decision that is particular to the ISP-customer relationship. It probably wouldn't apply to the business email of an employee where the seizure was

This is just like a Bank Safety Deposit box. You put stuff there for money, but it's equally tenuous to think owning a 18"x3"x9" box has any "expectation of privacy too" as the Bank has all the keys anyway. Except of course Banks protect YOUR property on THEIR premises even for legal measures, with extreme prejudice. This really isn't any different.

The main difference is that ISPs are staffed by the geeks that don't know all their rights and have the money to afford the lawyers and Banks are staffed by Iv

My safe is in my basement, together with my mail server, which is actually _in_ the safe. Opening the safe will shut off the mail server and you would have to know the Truecrypt passphrase to restart it and get at anything.

Well if you want to split hairs, Internet Service Provider can mean anyone who provides any kind of service on the internet. Including small businesses, large enterprises, non profits and governments. So there. Now do you see why the lawyers will always win? :P

This ruling is just like needing a warrant to search your safety deposit box located at a bank. The government's case was that "they didn't need to tell you" in order to access the records because they weren't in your "possession". If you tried the same argument on a banker they'd laugh in your face and call the judge directly to bitch about you.

Well, the company owns your company email. So, ignoring a couple of idiot friends who inexplicably use their corporate email for personal purposes, they *all* use an Internet Service Provider for email, by definition. The Internet Service which is Provider-ed is "email," in that case. In fact, I provide my own email services - which makes me a small-scale ISP according to the law.

Well, I believe they can't enter your place of work without being let in or a warrant (though that would usually be trivial... "oh, we're here to search this desk..." guard: "sure, come on in"), but once inside they can search your desk (though probably not anything that's in a locked drawer or box [i.e. a hard-drive])

They can't legally compel them, but they can "request convincingly", I imagine. Does this mean that if the police ask my ISP for my email and my ISP hands the records over without a warrant, any evidence gotten that way is inadmissible? Does it mean I can sue my ISP?

In a physical search, anyone living in a house can consent to a search of the property. Can Comcast voluntarily consent to a search of their customers' email?

Yes, this means that evidence obtained in this manner in the future would be inadmissible in court. According to the brief, they decided in this case since the law had not yet been deemed unconstitutional and the officers acted in good faith, the evidence was still admissible for this particular case.

Whether or not you can sue your ISP is a civil matter, pertaining to contract law, and this ruling should not apply.

They can't legally compel them, but they can "request convincingly", I imagine. Does this mean that if the police ask my ISP for my email and my ISP hands the records over without a warrant, any evidence gotten that way is inadmissible?

Essentially, yes (it means that it is just as inadmissible as any other evidence obtained in violation of the Fourth Amendment, but there are circumstances where such evidence is not excluded -- including, particularly, the case at hand, in which Sixth Circuit found that the

... including, particularly, the case at hand, in which Sixth Circuit found that the evidence need not be excluded because of the Government's good-faith reliance on a statute that, while the Court did find it unconstitutional, was not so clearly unconstitutional that reasonable law enforcement officers could not believe that it allowed what they used it to do.

So much for the doctrine that an unconstitutional law is null and void from its inception, as is everything done under its sole authority.

So much for the doctrine that an unconstitutional law is null and void from its inception, as is everything done under its sole authority.

The good-faith reliance exception to the exclusionary rule, which IIRC is nearly as old as the rule itself, has always been outside the scope of that doctrine (it's not seen as contrary to it, since the exclusionary rule itself is simply a remedy to a Constitutional violation, not an independent Constitutional mandate, and the good-faith reliance exception is viewed as ess

The good-faith reliance exception to the exclusionary rule, which IIRC is nearly as old as the rule itself, has always been outside the scope of that doctrine (it's not seen as contrary to it, since the exclusionary rule itself is simply a remedy to a Constitutional violation, not an independent Constitutional mandate, and the good-faith reliance exception is viewed as essential to the purpose of the remedy, which is to deter unconstitutional actions by law enforcement, which purpose -- the Courts have repeatedly held -- excluding evidence seized under provisions of statute that officers reasonably believed were constitutional does not serve.)

Damn, that's some serious butchering of the English language. At least when people write software code instead of legal code we don't try to pretend that it is English.

This sounds to me much more like a PO Box: correspondence is sent to it and kept in it, and even though the box is the physical property of the mailbox company, the contents are the legal, private property of the person renting the box. Police can't just go into a box unless they have probable cause (or exigent circumstances, like they think there's a bomb there or something smells weird, or is moving (e.g. an animal), say), and the mailbox company can't open it either even if it decides to comply with a v

Unfortunately, there's also nothing to compel an ISP not to hand it over anyway, just to play nice with law enforcement. If you really want privacy, you have to use proper encryption. Once you've sent it to someone else, you never know where it will end up. Anyone with access to it can CHOOSE to share it with anyone they want. It's a dark dismal world we live in.

Does the same thing apply to a physical mailbox (assuming it's rented, not owned, of course)? Logically the same rules would apply to a third party storing your personal messages, whether on paper or electronic.

Sure, it's sometimes a problem to try to hammer new technologies into old legal frameworks, but this doesn't seem to be one of those cases.

Let's say you use a Gmail address as your primary email instead of whatever's provided by the people who provide your internet connection. Do they count as an "internet service provider" here, or is this decision as narrow as it sounds?

I wonder how many Slashdotters have donated to the EFF. I did $65 last year and this year bought $80 worth of keychains and hats to hand out this holiday season. I wish geeks would understand the real value that the EFF has brought to the discourse when it comes to our digital freedoms in America. May all Deities bless the EFF.

Can I submit a formal request that demands my email provider not release any of my emails without being forced by warrant? If I can't stop voluntary compliance, then this is not very helpful anyway. In other words, we need the supreme court to rule that it is illegal for the host to disclose my emails without a warrant or this doesn't help in any meaningful way.

Read e-mail vs track/sort the ip/to/from headers?
That's the very old trick that is used. A massive passive database of who is connected to who. One person gets a real court sneak and peek letter, anyone connected gets their email lists sorted - who they are connecting to and so on.
So if they don't read they can collect all connecting details they want.

A bit like the NYPD collecting IMEI numbers via an offer to remove a cell phone battery to prevent leakage. NYPD tracking cell phone owners [nydailynews.com].
It's the number/ip/logs/connections that's interesting long term, the contents can wait.

Re Massive passive? Awesome possum!
vs the personal touch of a gps tracker wired deep into your car, your voice print on file, your OS and keyboard accessed, your calls to family and friends getting near real time translation, your internet logs getting looked at by a human.
The massive part would be long term billing (name), ip and IM/email usage being logged over a few different networks, protocols and databases.

Indeed. It's an "old trick" that has been upheld by the Supreme Court. The aggregation of the start and end points of a conversation, but not the content of a conversation, constitutes what is known as a "pen register". Such collection was judged to be legal without a warrant or court oversight in Smith v. Maryland 442 U.S. 735 (1979) [findlaw.com]. Courts have subsequently found that pen register statutes apply similarly to IP addresses, logs of web sites visited, and the "envelope" of an email message — its To: a

At one point, Enzyte customers seeking a refund were told they needed to obtain a notarized document
indicating that they had experienced “no size increase.” The admittedly ingenious idea behind the policy
was that nobody “would actually go and have anything notarized that said that they had a small penis.”

Because reputation based systems (i.e., anyone hosting more than 1,000 mail accounts, and some smaller systems) are going to see that you don't own that IP, and don't own the reverse lookup on that IP. So they will score you badly.

On top of that it's virtually guaranteed that your ISP explicitly forbids running services on your home Internet connection, and probably even mentions email as a service you're not allowed to run. Most large ISPs also block all TCP/25 traffic going through their networks that is not aimed at their own email servers (which is why TCP/587 is so popular for SMTP submission with third party email providers), and you HAVE to use that port for server to server email traffic.
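The reverse-lookup test that the comment above says receiving systems apply, as an added example that is not part of the original thread: a forward-confirmed reverse DNS check. The function name `fcrdns`, the four outcome labels and the zone data are assumptions made for illustration; real receivers weigh these signals in their own ways.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(host):
    """A/AAAA addresses for host from the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def _norm(name):
    return name.rstrip(".").lower()

def fcrdns(ip, helo, ptr=system_ptr, addrs=system_addrs):
    """Return 'no-ptr', 'ptr-unconfirmed', 'helo-mismatch' or 'pass'
    (hypothetical labels) for a connecting IP and the name it announces."""
    want = ipaddress.ip_address(ip)
    names = [_norm(n) for n in ptr(ip)]
    if not names:
        return "no-ptr"
    confirmed = set()
    for name in names:
        for addr in addrs(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    confirmed.add(name)  # PTR name resolves back to the IP
            except ValueError:
                continue  # e.g. scoped IPv6 literal from the resolver
    if not confirmed:
        return "ptr-unconfirmed"
    return "pass" if _norm(helo) in confirmed else "helo-mismatch"

# Constructed zone data using documentation addresses (RFC 5737); not real hosts.
PTR = {"192.0.2.25": ["mail.example.net."],
       "198.51.100.7": ["pool-7.dsl.isp.example."],   # ISP-owned PTR on a home line
       "203.0.113.9": ["mail.example.org."]}
A = {"mail.example.net": ["192.0.2.25"],
     "pool-7.dsl.isp.example": ["198.51.100.7"],
     "mail.example.org": ["203.0.113.200"]}           # forward record points elsewhere

def fake_ptr(ip):
    return PTR.get(ip, [])

def fake_addrs(host):
    return A.get(host, [])

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mail.example.net"),
                     ("198.51.100.7", "mail.example.net"),
                     ("203.0.113.9", "mail.example.org"),
                     ("192.0.2.99", "mail.example.net")]:
        print(ip, helo, fcrdns(ip, helo, fake_ptr, fake_addrs))
```

Called without the `ptr` and `addrs` arguments, `fcrdns` queries the system resolver, which is how to check your own server's address before sending from it.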

Also: You have to run your own spam filter or you get buried and/or your IP line tied up.

(And as someone who's been doing email since it was UUCP and the number of mail-exchanging sites fit on three printed pages, let me tell you that there will be a LOT of spam pouring into even a little bitty mail domain. Once any real mail address gets harvested it will be flooded forever. They'll also guess plausible addresses, generate spam to your domain contact email addresses and derivatives of them,...)

Spam to a small address need not be that bad. I "rent" a .net address, have had it for more than a decade, and don't use spam filtering on incoming mail. Also I capture everything sent to the address and send it to a default account, which I review.

I get about 25 bounce backs a week from people wanting to confirm that an email with a forged header, seemingly from my domain, was legitimate. Occasionally I see WoW phishing emails or something about Viagra. It's not that bad. All of these go to the catch-

I run a mail server from my home. My ISP, Qwest, explicitly allows [qwest.com] you to run servers from a home account:

Service may be used to host a server, personal or commercial, as long as server is used pursuant to the terms and conditions of this Agreement applicable to Service and not for any malicious purposes.

Furthermore, while they may filter port 25, they will open it at your request. Finally, you are right that you need to have reverse DNS configured correctly to avoid being filtered. Qwest will do this for anyone who pays for a static IP, which you need anyway if you are running a home server, and only costs $5 a month. It took me 5 minutes on the phone to get all this set up with them (after spending hal

Yes, well, all true. Running your own mail server gets very old after a while. Really need back up spooling, it's painful running mission-critical services on a home-based box (yes, my wife's e-mail is mission-critical to her...), etc, etc.

So... I do the middle solution. I pop mail down from my ISP every few minutes, and requeue it to my own IMAP server. No mail to me sits on an ISP's spool for more than a few minutes under normal circumstances, but I have no worries about power outages, reboots, etc.

If you have the extra money, I think it's worth it to ride right past $BIG_CONSUMER_ISP and go with something like Covad. They don't care what services you run, or if you max your connection all day and night. An ISP like this will enable you to run your own mail providing you:
- Also run your own DNS
- Have the ISP delegate/host reverse DNS
- Have at least one static IP

In my opinion it's worth it for the extra control, but you also have to be willing to handle data and battery backup to make things reliable.

There are several discussions about why you shouldn't. If you're willing to pay a few dollars a year to dyndns, and use a pre-configured server from Zentyal, SME or ClarkConnect, you should be able to do what you're looking for (I do) and stay reasonably safe.

Er, maybe I'm just cynical, but it (unfortunately) seems like both parties are willing to throw civil liberties under the bus when they think it's important; they differ mainly with regard to what they think is important. Call it a cynical hunch, but I suspect that if Obama were to appoint Janet Reno (Bill Clinton's attorney general) to the Supreme Court, she wouldn't be terribly eager to rein in the might of the federal government or limit the scope of its authority, and she's quite far to the left.

The candidates that tend to become President in the US tend to fall along that line. Too much deviation from it and it doesn't work for whatever reason. America is for the most part a pretty centrist country. Might be wh